This looks like something I could have really used for large public/private access sites running on multiple Tomcat and Apache servers.

In general, I have spent a lot of time implementing user/access management administration for J2EE/web apps, and then also dealing with creating custom single sign-on mechanisms. Are others spending a lot of time on this, or what are people using to not get bogged down in this area?

I have been looking at OSUser and OSAccess lately. Are there any open source projects dealing with single sign-on?

We have been doing server-based Java projects since 1997. In each project, we had to marry our authentication and access control to the platform's security. In addition, we often had to create layers of our own security code to overcome limitations of the platform security. A simple example would be: "What if authentication/authorization was not just role based, but based on time of day or an account balance?"

Furthermore, we experienced difficulty with Single Sign-on between Java servers and web servers, especially when there are multiple servers in a farm.

The only available solutions to these problems were SiteMinder, ClearTrust, etc. Very pricey and complex solutions, and not quite flexible or open enough to meet our project needs (you even had to sign non-disclosures to get an eval).

Hence, Cams was created with the following high-level objectives:

1) Ease-of-use and evaluation - you can download the eval from our site and have it running in a few minutes
2) Cost effectiveness - The cost is a fraction of what competitors charge and priced for 100 percent ROI in 1 to 2 developer months.
3) Reliability - Cams is packaged, tested, and supported by Cafesoft.
4) Flexibility - Cams is extensible via open developer APIs (see the Javadoc on our site)

I agree that a Single Sign-on (SSO) solution should be evaluated to ensure that it addresses the needs of your project/enterprise. But if the project/enterprise scope only requires SSO across specified web tiers, that is a valid use of the terminology also.

In addition, I'd like to point out that Cams has open developer APIs and exposes the JAAS APIs it uses. The developer is free to create custom "Cams agents" for unsupported platforms or internal applications and JAAS LoginModules for unsupported user/password repositories. See the published Javadoc in the download or on our site.

We are planning to release additional agents and LoginModules in future releases. Hence, the scope of Cams SSO support will expand.

I have no doubt that Cafesoft may be onto something. But in a previous job, I have dealt with Single-Sign-On implementation for one of the biggest (and baddest) names in this business and from experience I can say that integration with desktop based logon screens is very very critical. Most companies spend $$ on SSO just so that when moronic end users forget their password on Exchange / NT / whatever else, the helpdesk can handle the problem quickly and cost efficiently.

JAAS is a good start but helpdesk organizations would like your app to talk natively with the multitude of Unix, Windows, etc. protocols and for good measure even do some screen scraping, for integration with older apps or host communications. That's a tall order!

You have a great solution for a small part of the problem. I think the next logical step for you would be to get into partnerships with IBM Tivoli, CA-Unicenter and HP OpenView.
